From: Seth Morris <Seth.Morris@lambada.oit.unc.edu>
Date: Wed, 23 Feb 94 17:43:57 PST
To: cypherpunks@toad.com
Subject: argument for non-tech education (ie game)
Message-ID: <9402240143.AA29300@lambada.oit.unc.edu>
MIME-Version: 1.0
Content-Type: text


/*****************************************************************************
 Concepts, abstracts, and storyboards for possible cypherpunk-friendly
educational game. By Seth Morris, Feb, 1994.
 
 This isn't really an abstract anymore, it's an argumentative essay.
 It's pretty stilted and dry, and most of the good examples and concepts
are in the actual game descriptions (to be sent in another message).
 This is almost a call to arms, though, focusing on the nontechnical
generation on crypto users who will follow us.
 
** Abstract
 
 The documentation for PGP says:
 
        READ THE DOCUMENTATION...  Cryptography software is easy to misuse,
   and if you don't use it properly much of the security you could gain
   by using it will be lost!  You might also be unfamiliar with the
   concepts behind ... cryptography...  Even if you are already familiar
   with ... Cryptography, it is important that you understand the various
   security issues associated with using ... [cryptography].  It may not
   be important to read the fine print on a box of breakfast cereal, but
   it may be crucial to read the label of a prescription drug.
   Cryptography software is like pharmaceuticals-- so read the manual!
 
 The issues surrounding crypto and crypto related topics (including
anonymity, pseudoanonymous identity, reputations, DC nets, remailers,
digital cash/checks/banking, signatures, escrow, trust, and more) are
complex, but it is important that a user of the technology understand
them. It is far more important that the users be aware of non-cryptanalysis
attacks and problems associated with the technology than they be fully
conversant with the mathematics and cryptanalysis involved.
 An excellent example is the active man-in-the-middle attack. the PGP
documentation devotes many lines to explaining this, and the necessity
of not trusting a public key recieved from a public repository that is
not signed by a trusted introducer, yet the public key servers contain
many such unsigned keys. These people presumedly have not understood
(or have not read) the documentation.
 This is not unexpected. The PGP documentation, while well written, is
dense and information packed. It was written by people who understand
the issues well and have worked out enough examples to follow Alice and
Bob discussions with ease.
 Many of the users of PGP currently have not spent this time. They are
not used to thinking about their security from the point of view of an
attacker (this may be unusual to most cypherpunks, who have learned to
always analyze systems for weakness before strength, many having learned
this from physical security and self defense lessons, I assume), and
their eyes glaze over a little when the hypothetical discussion start.
 Try to explain the mathematics behind a large dining cryptographer net
to a group of relatively mathematically unsophistacated, nontechnical
people sometime. The mathematics involved is grade school, but it is
often difficult to get otherwise well educated people to understand the
complexities and implications, even after you have taken the time to
prove the untraceability of the system. Then try to get them to discuss
ways to solve the collision problems. They have not spent the last year(s)
of their lives attacking hypothetical systems or examining programming
solutions for practicality and (often more important) practicability.
 Even mathematically sophisticated friends of mine become uncomfortable
when the phrase "completely connected subgraph" comes out. Following the
discussion requires effort and examples, which in turn require both a
background and a willingness to follow the technical discussions.
 The next generation on crypto users will be nontechnical. The cypherpunks
motto is "cypherpunks write code," but we are finding that as the list grows
the percentage of active programmers on the list decreases. The nonprogrammers
are no less interested in having and using solutions to the problems
associated with crypto than the programmers. They are no less intelligent or
educated, certainly. Their suggestions for systems and protocols to solve
real problems are often excellent. But we are losing many of them due to
a lack of preparation on crypto issues.
 As foreign as it may seem to some of us, these people often use a database
without thinking about the file formats or sorting algorythms used, and
don't want to be told what they are.
 How many of the old-time cypherpunks have bought the books and read the
articles which detail the crypto systems we use? How many hours and dollars
have been spent preparing for the discussions on cypherpunks and Usenet?
 We cannot expect the next generation to have as strong an acedemic background
on crypto issues if we are to meet a stated goal of providing strong
crypto solution and related technologies to the bulk of the future network
users.
 Many of the future users of our crypto solutions are not even on the net
yet. They might be using local BBSes, or LANs at work or school, or
possibly using commercial online services which, if they even have an
Internet connection, do not advertise the services of the Internet or
Usenet as well as their own services (quite naturally).
 However, if you open any recent issue of Boardwatch Magazine (a monthly
for sysops of local BBSes), you will find internetwork connectivity featured
prominently in every recent issue, often appearing in all of the cover
articles. The Waldenbooks Computer Books flier for January had a different
guide to the Internet on every other page, in addition to the proliferation
of guides to commercial services and LANs. The growth rate of connected users
is astonishing.
 These people will be using the technologies developed and supported by
groups such as the cypherpunks, and they need to be aware of the issues
and complexities they will face. They cannot, however, be expected to
spend the time, money, and effort to educate themselves completely in
cryptology. Nothing will remove their need to read the manuals and some
basic (and yet to be written) guides, but if the general public is to
use a system, it should be readily usable without requiring an extensive
background. It should contain the education it requires. The PGP documentation
does a good job of this, but it may not remain enough as the interest
level of the users changes from "how does this work" to "how do I use
this" to "just tell me what to type."
 By way of analogy, you can program in C without reading style guides, K&R,
the C FAQ, or the standard and rationale. Some education is required, but
it is relatively easy to get, and is usually supplied with the compiler.
Those who take the time and trouble to do the additional research (and
most programmers eventually do) will be that much better prepared, but
there is no glaring omission in your basic education until then. A similar
analogy could be drawn with writing essays, or juggling torches -- perhaps
a better analogy, because of the obvious and the nonobvious dangers.
 
 Phil Zimmerman writes in the PGP documentation:
          I remember a conversation with Brian Snow, a highly placed senior
         cryptographer with the NSA.  He said he would never trust an
         encryption algorithm designed by someone who had not "earned their
         bones" by first spending a lot of time cracking codes.  That did make
         a lot of sense.  I observed that practically no one in the commercial
         world of cryptography qualified under this criterion.  "Yes", he said
         with a self assured smile, "And that makes our job at NSA so much
         easier."  A chilling thought.  I didn't qualify either.
 
 It makes sense also that the people expected in the future to provide
solutions in the real world should have experience and understanding of
non-cryptanalysis attacks and issues, as well.
 
 The problem is to expose a large number of computer users, many of whom
may not be on any large networks yet -- but are expected to be in the
near future -- and who do not yet think they need crypto solutions, to
the issues and complexities of crypto, without also exposing anyone to
any dangers. The education should be easy to use, should have incentive
to use, should have a scalable degree of technicality, should not cause
anyone undue concern regarding legal and ethical issues (those people
unwilling to read The Big Book of Mischief to learn about urban terrorism
should not be similarly reluctant to use the crypto educational products),
and should expose people to important concepts in crypto such as key
management, signatures, anonymity, untraceability, traffic analysis, and
key forgery without causing problems with export/import restrictions or
possible legal restrictions on crypto and crypto information in certain
locales.
 
 My opinion is that a game which incorporates crypto topics in the gameplay
could be made to satisfy all of these requirements. Written as a BBS door,
it could be run on a variety of BBSes across the world, exposing users
who may not currently be on major networks, or who may not even be aware
that issues of crypto and crypto politics even exist, to the complexities
and concerns by providing practical experience thinking about weaknesses
and attacks, and providing an oportunity to realize without prompting that
there are legitimate needs for strong crypto by law abiding persons and
companies today.
 First and foremost, of course, the game should be fun, with emphasis on
gameplay. I feel that simple exposure to the topics will educate many
people enough that should they read the documentation to a crypto product
(such as PGP), they will have enought preparation to understand the
importance of concerns the documentation stresses. Also, it is my opinion
that allowing players to experience option such as web-of-trust vs
heirarchial trust systems and escrow vs personal key management will
better educate voters and letter writers to be involved in their own
local legislative process.
 I also feel, of course, that most people, given a chance to experience the
options, will choose to support the cypherpunks positions of personal
choice and self determination. It is unnecessary to "stack" the game. Simply
include the options, and allow people to decide for themself.
 
 
 Actual ideas for the game in another message (as I've probably lost most
readers long ago!).
 
 Seth Morris (Seth.Morris@launchpad.unc.edu)
 
*****************************************************************************/